WordPress Release: 5.6.6

TL;DR

WordPress 5.6.6 is a maintenance release that focuses on improving testing infrastructure and addressing a critical SSL certificate issue. It introduces the PHPUnit Polyfills package to enhance cross-branch testing capabilities and removes an expired DST Root CA X3 certificate that was causing SSL verification failures with Let's Encrypt certificates. This release ensures WordPress continues to work properly with modern SSL certificates and improves the developer experience for those maintaining code across multiple WordPress versions.

Highlight of the Release

• Introduction of PHPUnit Polyfills package for better cross-branch testing
• Removal of expired DST Root CA X3 certificate to fix Let's Encrypt compatibility issues
• Improved test infrastructure with support for both camelCase and snake_case fixture methods
• Fixed PHP 5.6 testing environment to address expired OpenSSL certificate issues

Migration Guide

No specific migration steps are required for most users when upgrading to WordPress 5.6.6. The update addresses background infrastructure issues and should not impact existing functionality.

For Developers Using Custom Test Suites

If you maintain custom test suites for WordPress plugins or themes:

1. You can now take advantage of the PHPUnit Polyfills package for cross-version testing
2. Be aware that both camelCase and snake_case fixture methods are now supported
3. If you have custom test classes that modify the normal execution order of fixture methods (rare cases), you may need to review your implementation as the execution order might be affected

Note that in rare cases where test classes don't adhere to the normal execution order for fixtures (e.g., having code before and after the parent::setUp() call), the execution order may change, which could have side effects.

Upgrade Recommendations

This update is recommended for all WordPress 5.6.x users, especially those:

1. Running sites that connect to services using Let's Encrypt SSL certificates
2. Using PHP versions with older OpenSSL implementations
3. Developing or maintaining plugins/themes with test suites

The security fix for the expired DST Root CA X3 certificate is particularly important as it prevents potential SSL verification failures that could impact site functionality and security.

As this is a maintenance release focused on infrastructure and compatibility, it should be safe to apply without concerns about breaking changes to site functionality.

Bug Fixes

SSL Certificate Verification Fix

The release removes the DST Root CA X3 certificate that expired on September 30, 2021. This certificate was causing issues with Let's Encrypt SSL certificate verification, particularly with OpenSSL 1.0.2 which would select the expired certificate path for verification.

Test Infrastructure Fixes

• Fixed test forward-compatibility layer where test wrapper methods were not being called due to naming issues
• Added proper camelCase wrappers to the WP_UnitTestCase to ensure methods are called in the correct order
• Added wrappers for assertPreConditions() and assertPostConditions() fixture methods
• Fixed an issue with the PHP 5.6 testing environment that was using an OpenSSL version with an expired certificate

New Features

PHPUnit Polyfills Package

WordPress 5.6.6 introduces the PHPUnit Polyfills package to the core testing infrastructure. This addition makes it significantly easier for developers to write tests that work across multiple WordPress versions, especially when adding tests for newer versions of PHP that require more modern PHPUnit practices.

The package provides:

• Compatibility layers for different PHPUnit versions
• Support for both camelCase and snake_case fixture methods
• Wrappers that allow developers to transition to newer PHPUnit naming conventions while maintaining backward compatibility

Security Updates

SSL Certificate Chain Fix

This release addresses a critical security-related issue by removing the expired DST Root CA X3 certificate. The certificate expired on September 30, 2021, and was causing SSL verification failures with Let's Encrypt certificates, particularly when using OpenSSL 1.0.2.

This fix ensures that WordPress sites can continue to establish secure connections with services using Let's Encrypt certificates, maintaining the security of data transfers between WordPress and external services.

Performance Improvements

No significant performance improvements were included in this release. The changes primarily focus on testing infrastructure and security certificate compatibility.

Impact Summary

WordPress 5.6.6 addresses two key areas: testing infrastructure and SSL certificate compatibility.

The introduction of the PHPUnit Polyfills package significantly improves the developer experience by making it easier to write and maintain tests that work across multiple WordPress versions. This is particularly valuable for plugin and theme developers who need to support a range of WordPress versions while also adopting modern testing practices.

The removal of the expired DST Root CA X3 certificate resolves a critical compatibility issue with Let's Encrypt certificates. Without this fix, sites running on older versions of OpenSSL (particularly 1.0.2) would experience SSL verification failures when connecting to services using Let's Encrypt certificates. This could potentially disrupt various site functions that rely on external API connections, including update checks, external content embedding, and third-party integrations.

While these changes are largely invisible to end users, they represent important infrastructure improvements that maintain WordPress's security posture and developer-friendly ecosystem.